Vulnerability Management Analyst


Greenbelt, MD

Industry: Technology


11 - 15 years

Posted 31 days ago

by Next Step Systems

This job is no longer available.

Vulnerability Management Analyst

The Technician (Vulnerability Analyst) will work seamlessly with the ISSM and other IT Security staff to create a holistic and fully integrated IT Security organization for the overarching Program.

-Plan and execute vulnerability and compliance scans across the infrastructure.

-Analyze scan reports to determine technical validity and merit.

-Collaborate with infrastructure and application teams on security vulnerability remediation or patch management validation.

-Identify and recommend appropriate measures to manage and remediate vulnerabilities.

-Monitor and track security-related defects and resolutions.

-Triage requests for security scans from infrastructure and application teams.

-Assist in establishing and implementing a CDM capability with integrated security controls; enable continuous monitoring to proactively survey, monitor, and track security-related defects and the status of their resolutions.

-Employ automated or manual continuous monitoring techniques. Research GOTS or COTS automated continuous monitoring solutions.

-Develop vulnerability scanning rules.

-Develop scan results review and assessment procedures. Provide reports.


-Bachelor's Degree in a relevant major from an accredited college or university with 10+ years of continuous and progressive experience.

-In-depth technical experience with Tenable Nessus, SecurityCenter, HP WebInspect, and BigFix.

-Experience in threat and vulnerability management, and penetration testing.

-Experience with multiple programming and scripting languages (such as Java, Python, C++, .NET).

-Demonstrated experience with Linux, Windows, and Cisco.

-Knowledge of web application administration and management.

-Knowledge of OWASP Top 10.

-Knowledge of FedRAMP and FISMA compliance methodologies.

-Demonstrate knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers).

-Demonstrate an understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).

-Experience developing and improving KPIs, metrics, and trending for vulnerability management functions.

-Understanding of how applications, networking, operating systems, and databases work.

-Familiar with industry standard security best practices and vulnerability management processes including compliance reporting.

-Working knowledge of FISMA controls with the ability to oversee traceability to the controls.

-Past experience working throughout a complete IT Security life-cycle preferred.

-Project task management skills desired.

-Experience supporting a complex System of Systems preferred.

-Experience in working as a compliance and security control planner and implementer.

-Ability to define and manage reporting and measurement systems for IT Security.

-Ability to understand CIS and DISA STIG benchmarks.

-Certifications: Certified Ethical Hacker (CEH), Security+, Network+, Tenable Certified Nessus User.

-Tools/Technology Experience: Broad knowledge of security tools for both cloud and Data Center, including commercial and open source.


No Corp-To-Corp Or Third Party Recruiters; W-2 Direct Hire Only.


$140K - $160K